This question came from our site for computer enthusiasts and power users.

I have been looking at the traffic with Paros Proxy, and it looks like I am only contacting valid URLs that you would expect to be attached to Google or Yahoo. And I have Firefox set to ask about SSL certs, like it gives me an alert from Paros, but obviously this is to be expected. I just thought it was weird that Google was using Yahoo-domain certs.
– fightermagethief Mar 28 '11 at 19:05

What happens if you run ping -c 2 mail.google.com from a command prompt? I'm looking specifically for the IP address in the output.
– Jack M. Mar 29 '11 at 22:20

@jack: I am getting 74.125.67.19, I guess this is correct. Thanks for the tip.
– fightermagethief Mar 30 '11 at 20:33

1 Answer
1

I find it very hard to believe that Google would ever make use of Yahoo servers. I may be wrong in this, but I suspect your browser may have run into some nasty bugs... or perhaps you have a Yahoo toolbar enabled that is doing some stuff behind the scenes. Can you give me an example of what you were doing/where you went... or what you were looking at? I do not see any Yahoo certs in anything I do @ Google. (And I manage several Google-app enabled domains, use Gmail, and many other things Google offers.)

@thecompwiz: All I have to do is just open up Firefox with my webmailnotifier password. This add-on stores my passwords for a few email sites and automatically checks them periodically. So all I have to do is sit there and occasionally I get this msg. But the window actually says that google.mail.com is using the above mentioned servers. Could Gmail be redirected in this manner? I do have a ymail account in webmail notifier, however.
– fightermagethief Mar 28 '11 at 22:28

It is possible to set up Yahoo Mail to check Gmail for mail; however, this is done behind the scenes. I.e., Yahoo connects to Google's servers and logs in as you and downloads emails directly from Google. I have never heard of this "webmailnotifier" tool you're talking about... so I cannot be sure what is going on with it, but something REALLY doesn't sound right. Have you checked for viruses/rootkits on your machine lately? It's possible your certificate store has also gotten corrupted or possibly you inadvertently installed a bad cert. Are you behind any kind of enterprise-flavored firewall?
– TheCompWiz Mar 29 '11 at 14:17

Yeah, I was compromised for a while. I have since installed Sophos Anti-Virus and scanned, but that doesn't do much unless the attacker is a complete idiot. After scaring the s**t out of a suspect, he deleted a bunch of XML lib files that allow for code execution. I am not sure what else remains though. I know who it is (from a business I worked at) and even have evidence (Excel file emailed as attachment) but I don't know what to do. I currently am checking stuff from a home network with basic firewall/router.
– fightermagethief Mar 29 '11 at 15:37

The only certs I have are from 'authorities', if that makes a difference.
– fightermagethief Mar 29 '11 at 15:46